
DEFINING SECURITY FOR TODAY’S CLOUD ENVIRONMENTS

Security Without Compromise
CONTENTS

INTRODUCTION
SECTION 1: STRETCHING BEYOND STATIC SECURITY
SECTION 2: NEW DEFENSES FOR CLOUD ENVIRONMENTS
SECTION 3: HOW TO CHOOSE A CLOUD SECURITY SOLUTION
CONCLUSION

INTRODUCTION
Enterprises have rapidly incorporated cloud computing over the last decade. Private cloud infrastructure (including virtualization and software-defined networking) is in the process of transforming on-premise data centers, which host the majority of enterprise server workloads around the world. At the same time, enterprises are embracing public clouds at an unprecedented rate, with most connecting back to on-premise environments in a true hybrid cloud. But the problem of ever-evolving persistent threats makes protection of end-users and sensitive data an increasingly urgent concern, considering that accelerated infrastructural changes might expose new defensive gaps.

As today’s enterprise data centers evolve from static internal environments to a mix of private, public, and hybrid clouds, organizations need to augment traditional firewalls and security appliances (deployed for north-south traffic at the network edge) with expanded protection for east-west traffic, both within internal networks and across clouds.

01
STRETCHING BEYOND STATIC SECURITY

Cloud computing really encompasses a number of different deployment methodologies and approaches that complement each other. But despite the disparate types of deployments, they share common characteristics and benefits that define the very notion of cloud computing.
• Elastic capacity and scale
• Agile provisioning and deployment
• On-demand consumption and pricing

To maintain a strong security posture in private, public,
and hybrid clouds, organizations need to increase
security to keep pace with these more dynamic and
fast-paced environments. There are two specific areas
that require additional attention to protect critical
assets and users from outside threats.

SCALING PROTECTION

Cloud computing enables rapid development and delivery of highly scalable applications. But this capability isn’t worth much if an organization can’t maintain the trust of users by ensuring confidentiality and data privacy at the same time.

Security needs elasticity to scale with the cloud infrastructure itself and to provide transparent protection without slowing down the business. As applications spin up and down with user demand in both private and public clouds, appropriate security rules should be automatically provisioned to new virtual machine instances.

SEGMENTATION

With the IT efficiencies gained by pooling resources
(e.g., compute, storage, network) through
technologies such as virtualization and software-
defined networking (SDN), cloud environments have
become increasingly aggregated, to the point where
entire data centers can be consolidated. The mix of
data center traffic has shifted from north-south to
east-west as these software-defined environments
continually optimize underlying hardware utilization and
efficiency on flatter scale-out architectures.

If a hacker or advanced threat breaches the cloud
perimeter via a single vulnerable application, however,
there’s typically little to protect critical assets within
the flat and open internal network. To minimize that
serious potential for damage and loss, organizations
need to isolate business units and applications.
Networks need to be intelligently segmented into
functional security zones to control east-west traffic.

02
NEW DEFENSES FOR CLOUD ENVIRONMENTS

In terms of elastic security, today’s cloud environments require physical firewalls that provide highly scalable north-south data center firewall and network security protection at the edge of the private cloud. They also need virtual firewalls that provide north-south protection for public clouds.

High-performance firewalls and network security appliances need to scale vertically to meet volume and performance demands, as well as laterally to seamlessly track and secure data from IoT/endpoints, across the distributed network/data center, and into the cloud.

• Private cloud - scaling protection automates service insertion and chaining of security appliances in virtual and software-defined networks. It also auto-provisions firewall and security rules to new web and app instances.
• Public cloud - scaling protection auto-scales network security capacity with elastic workloads, while auto-provisioning firewall and security rules to new web and app instances.
• Hybrid cloud - scaling protection provides site-to-site VPN connectivity to migrate workloads to provider clouds, as well as remote VPN access to administer workloads in the cloud.

End-to-end segmentation provides deep visibility into traffic that moves east-west across the distributed network, limits the spread of malware, and allows for the identification and quarantining of infected devices.

A robust end-to-end segmentation strategy includes internal segmentation firewalling across data centers, campuses, and branch offices.

• Private cloud - segmentation isolates applications and data in increasingly consolidated environments. It employs end-to-end segmentation between private cloud, campus, and branch offices. Organizations should also consider an even finer micro-segmentation strategy—firewalling workloads regardless of physical network topology, down to a single virtual workload.
• Public cloud - segmentation isolates applications and workloads while ensuring privacy and compliance in hosted provider environments.
• Hybrid cloud - segmentation targets the persistent connections between private and public clouds and inspects the traffic between the two. Additional layers of protection are critical within hybrid cloud environments, especially considering the increasingly porous nature of network perimeters.

The underlying security infrastructure should offer automatic awareness of dynamic changes in the cloud environment to provide seamless protection.

It’s not enough to detect bad traffic or block malware using discrete security devices. Security should be integrated into SIEM and other analytics in private and public clouds, with the ability to orchestrate changes to security policy/posture automatically in response to incidents and events. The individual elements need to work together as an integrated security system with true visibility and control.

Solutions should also be built on an extensible platform with programmatic APIs (REST and JSON) and other interfaces to integrate with hypervisors, SDN controllers, cloud management, orchestration tools, and software-defined data centers and clouds. This enables security that dynamically adapts to the evolving network architecture and the changing threat landscape.

03
HOW TO CHOOSE A CLOUD SECURITY SOLUTION

When evaluating a security solution, there are a few general questions to start with.

• Is it scalable? A comprehensive security strategy must be elastic in both depth (performance and deep inspection) and breadth (end-to-end).
• Is it aware? You need to not only track how data flows in and out of your network, but also how it moves within the perimeter and who has access to it.
• Is it really secure? The different tools that protect your network need to work together as an integrated system with visibility and control.
• Is it actionable? You need a common set of threat intelligence and centralized orchestration that allows security to dynamically adapt as new threats are discovered.
• How open is it? Well-defined, open APIs allow technology partners to become part of the fabric—helping to maximize investments while dynamically adapting to changes.

Other specific features to look for might include:
• Software-defined Security: Look for a unified security platform with a single OS to enable orchestration and automation across physical, virtual, and cloud-based security.
• Integration: Solutions should integrate with VMware vSphere and NSX environments as well as public cloud environments like AWS and Azure to provide on-demand provisioning, pay-as-you-go pricing, elastic auto-scaling, and unified analytics that enhance protection and visibility.
• Single-Pane-of-Glass Visibility and Control: Your security solution should include centralized management with a consolidated view of policies and events—regardless of physical, virtual, or cloud infrastructure.

CONCLUSION
The evolving enterprise network combined with the transition to a digital business model presents some of the biggest current challenges to network security. Rapid adoption of private, public, and hybrid clouds is driving the evolution of cloud security.

The next generation of agile and elastic security solutions must transcend the static nature of their forebears to fundamentally scale protection while providing segmentation within and across cloud environments—helping organizations embrace the benefits of an evolving infrastructure while anticipating the attack vectors of current and emerging threats.


www.fortinet.com Copyright © 2016 Fortinet, Inc. All rights reserved.